OFAC & FINRA – What You Need to Know
The Office of Foreign Assets Control (OFAC) and Financial Industry Regulatory Authority (FINRA) both play a role in regulating the securities market in the United States. OFAC shares responsibility with the U.S. Department of Justice (DOJ) and other federal agencies for enforcing the Bank Secrecy Act (BSA). The BSA applies to “financial institutions,” as defined in 31 U.S.C. Section 5312(a)(2), which includes securities brokers and investment companies. FINRA regulates the securities broker-dealer industry alongside the U.S. Securities and Exchange Commission (SEC), establishing requirements for brokers and firms as well as providing an arbitration venue for resolving customer disputes.
For companies, firms, and individuals in the securities industry, OFAC compliance and FINRA compliance go hand-in-hand—so much so that until recently FINRA hosted a FINRA OFAC search tool that offered assistance with complying with OFAC’s sanctions programs. While FINRA retired this search tool in January 2023, investment companies, brokerage firms, and individual broker-dealers must continue to maintain strict compliance with OFAC sanctions programs, FINRA’s Rules, and federal laws like the BSA that fall within OFAC’s and FINRA’s enforcement jurisdiction.
Managing OFAC and FINRA Compliance in the Securities Industry in 2023
OFAC compliance and FINRA compliance each present their own unique set of challenges. Companies and firms’ obligations vary based on their size, financial resources, customer base, and various other factors; and, while OFAC and FINRA have both published compliance resources, they have also made clear that these resources are illustrative rather than instructive. There is no one-size-fits-all approach to OFAC and FINRA compliance, yet all investment companies, brokerage firms, and individual broker-dealers must ensure that they are prepared to affirmatively demonstrate compliance to OFAC and FINRA when necessary.
With this in mind, here is a brief overview of some of the key aspects of OFAC and FINRA compliance for investment companies, brokerage firms, and individual broker-dealers in 2023:
Key Aspects of OFAC Compliance in the Securities Industry
For investment companies and brokerage firms, OFAC compliance focuses predominantly (though not exclusively) on avoiding doing business with Specially Designated Nationals (SDNs) and otherwise engaging in business that violates OFAC sanctions. As OFAC explains, “[SDNs’] assets are blocked and U.S. persons are generally prohibited from dealing with them.” Under OFAC’s regulations, “U.S. persons” include both individuals and entities.
To maintain compliance with the BSA and OFAC’s sanctions programs, investment companies and brokerage firms must take steps including (but by no means limited to):
- Implementing “know-your-customer” (or “KYC”) policies designed to identify SDNs
- Implementing safeguards designed to identify transactions involving SDNs and their related parties
- Blocking or rejecting transactions involving SDNs and/or implicating other OFAC sanctions programs
- Timely reporting all blocked and rejected transactions to OFAC
- Appointing an OFAC compliance officer who holds primary responsibility for administering the company’s or firm’s OFAC compliance program
- Providing OFAC compliance training to all personnel who are involved in conducting customer due diligence and processing transactions
- Conducting periodic risk assessments, tests, and audits to confirm the effectiveness of the company’s or firm’s OFAC compliance program (and identify any gaps that need to be filled)
Again, these are just examples. OFAC’s A Framework for OFAC Compliance Commitments and Sanctions Enforcement Guidelines provide additional insights into what it takes to maintain an effective OFAC compliance program. Ultimately, however, investment companies and brokerage firms must independently assess their compliance obligations and develop a custom-tailored compliance program that addresses their specific risks and needs.
Key Aspects of FINRA Compliance for Brokerage Firms and Broker-Dealers
While OFAC compliance largely focuses on addressing the prohibitions that apply under the Office’s sanctions programs, FINRA compliance focuses primarily on investor protection. FINRA’s Rules impose wide-ranging requirements and prohibitions for both brokerage firms and individual broker-dealers—starting with the requirement to register before offering brokerage services to customers in the United States. But, registration is truly just the start of FINRA compliance. Under FINRA’s Rules, other key aspects of compliance include (but are not limited to):
- Customer disclosures
- Avoiding conflicts of interest
- Providing suitable investment advice
- Supervisory responsibilities
- Customer and transaction record-keeping requirements
- Clearing and transaction requirements
- Financial and operational standards
Within each of these broad categories (among others), brokerage firms and individual brokers have a host of specific obligations. Here, too, firms must take adequate steps not only to implement an effective compliance program, but also to effectively maintain—and document—compliance on an ongoing basis.
Building and Implementing an Effective OFAC-FINRA Compliance Program
While OFAC compliance and FINRA compliance each present unique challenges and requirements, companies, firms, and brokers can address many aspects of compliance simultaneously. There is definitely some overlap, and developing a single, integrated compliance program can both streamline compliance and minimize the risk of failures. Here are some key considerations:
1. Senior Management and an Organizational Commitment to Compliance
OFAC describes “Senior Management’s commitment to, and support of, an organization’s risk-based [sanctions compliance program]” as an “essential component of compliance” and “one of the most important factors in determining its success.” Likewise FINRA expects all brokerage firms to take a top-down approach to compliance—fostering an environment where compliance is rewarded and where individuals who commit violations are held accountable.
All investment companies and brokerage firms should have an OFAC compliance officer and a FINRA compliance officer who holds primary responsibility for updating and upholding the organization’s compliance program. These may or may not be the same person; and, depending on a company’s or firm’s size and geographic disbursement, a larger compliance team may be necessary as well.
2. Written Compliance Policies and Procedures
Effectively managing OFAC and FINRA compliance starts with adopting written compliance policies and procedures. A company’s or firm’s compliance policies and procedures must be custom-tailored to its operations and organizational structure—and, at the same time, comprehensively address all pertinent OFAC and FINRA requirements. Where these requirements overlap (i.e., with respect to customer identification), companies and firms should adopt integrated policies and procedures in order to avoid duplication and confusion. In many respects, having policies and procedures that are concise and well-organized is just as important as ensuring compliance policies and procedures’ comprehensiveness.
3. Software Applications and Other Means of Implementation
In today’s world, software plays a critical role in both OFAC and FINRA compliance. Investment companies and brokerage firms must invest in software applications that allow them to accurately identify their customers, identify applicable OFAC sanctions, appropriately document all transactions, and process all transactions in accordance with FINRA’s requirements. While there are multiple platforms on the market, some are better than others, and companies and firms must take the time necessary to ensure that their software tools are both appropriately customized and up to date.
Along with software, effectively managing OFAC and FINRA compliance requires various other means of implementation as well. As with other aspects of compliance, determining an individual company’s or firm’s specific needs requires critical analysis on a case-by-case basis.
4. Personnel Training
With policies, procedures, software, and other necessary means of implementation in place, investment companies and firms must train their personnel on all pertinent aspects of OFAC and FINRA compliance. Personnel in different positions will need to know different information—and their training programs should be developed accordingly. For example, individuals who are responsible for conducting KYC research and processing transactions will play a different role in managing compliance than broker-dealers. Both groups of personnel need training, but their training programs will be (or should be) almost entirely unalike.
5. Risk Assessments and Compliance Testing and Auditing
Both OFAC and FINRA expect investment companies and brokerage firms to assess the efficacy of their compliance programs on an ongoing basis. Establishing compliance is not a one-time event, but rather a continuous process that requires reevaluation and refinement.
To this end, companies and firms should conduct risk assessments as well as compliance tests and audits as often as necessary to maintain a reasonably up-to-date understanding of the efficacy of their compliance programs. When a risk assessment, test, or audit reveals a shortcoming in a company’s or firm’s compliance program, the deficiency should be addressed promptly in order to avoid unnecessary risks and consequences.
6. Internal Compliance Enforcement
Along with internal compliance monitoring, internal compliance enforcement is important as well. As noted above, individual personnel who are responsible for OFAC and FINRA compliance violations should be held accountable. At the same time, however, companies and firms must assess why violations occur and address the root cause before it leads to additional issues.
7. Voluntary Self-Disclosure, OFAC Examinations, and FINRA Investigations
Finally, in addition to addressing compliance internally, companies and firms must also address the external risks associated with OFAC and FINRA compliance failures. In some circumstances, voluntary self-disclosure may be necessary—even if it triggers an OFAC examination or FINRA investigation. Companies and firms should proactively prepare for the possibility of facing OFAC or FINRA scrutiny as well. Among other things, this means ensuring that they have sufficient documentation on hand to affirmatively demonstrate their comprehensive and good-faith efforts to maintain compliance.
Contact the OFAC and FINRA Compliance Lawyers at Oberheiden P.C.
Do you have questions about OFAC or FINRA compliance (or both)? If so, we invite you to get in touch. To speak with an OFAC and FINRA compliance lawyer at Oberheiden P.C., please call 888-680-1745 or request a complimentary consultation online today.